News and Events

On February 27, 2018 the CERT Division of Carnegie Mellon University’s Software Engineering Institute issued advisory #475445, outlining a design flaw in Security Assertion Markup Language (SAML) implementations, which affects various Single Sign-On (SSO) software and several open source libraries meant to support SAML-based SSO operations. Centrify customers are not susceptible to this vulnerability nor any Service Provider Applications that leverage the Centrify SDK (for more details, click here). The disclosed vulnerability drew a lot of media attention, generating coverage by tech publishers like ZDNet, eWeek, and TechTarget. Some of you might ask why there has been so much hype…

As with most aspects of the EU, unhindered cross-border data flows are something most U.K. firms just take for granted these days. Thanks to the cloud, huge volumes of corporate data is stored in third party providers’ data centres, frequently not even in the UK. Aside perhaps from those in highly regulated sectors, corporate users don’t think twice about accessing that data, and sending it to and from partners and customers on the continent. However, the U.K.’s departure from the world’s biggest trading bloc raises new questions about the legality of such transfers. In a new report, the House of…

As we discussed in part I of this article, many companies are still in the process of modernizing their legacy apps. There are a number of reasons to do this, but securing your environment is typically the main goal. We’ve already identified that a (software) token-based system as essential. Let’s continue with a couple more best practices. Provide for User Provisioning An application needs user data — not for authentication, but because it needs to know the role and responsibilities of the person logging in so that privileges inside the app can be managed and regulated. Therefore, a database of…

The subject of modernizing apps has been around for years, but while talking to a partner organization recently, I was reminded that there are a number of companies with legacy apps that are just now getting around to dealing with them. What Apps Need Modernization? The commercial apps you’re implementing into your environment today should not need to be modernized. If, however, you’ve developed your own apps or you continue to use legacy commercial apps developed several years back, you may have some work to do. Why Modernize an App? Companies most often modernize apps as a method of improving…

Well, I forgot another holiday. As I get older, it just happens more and more. Good news: It wasn’t my anniversary — though at this rate I’m sure to forget that soon enough. No, this time I forgot all about World Password Day. And you know what? I bet you did too. It’s just something about passwords. We forget them. We forget to reset them in time. We forget the “holidays” associated with them. We need something better, and when we can’t eliminate them, we need a better way to reset them. For ServiceNow customers, that means using something like Centrify…

Being in tech and a self-proclaimed sports junkie, I couldn’t resist writing my blog about my favorite sporting event — March Madness. If you’re like me, you watched the selection show this past weekend and started thinking about your bracket. You said to yourself, I know the perfect bracket is impossible — but one day I’m going to get it right. Depending on who you listen to the odds range from a high of 1 in 128 billion to a low of 1 in 9.2 quintillion (yes, that’s a real number — 9 followed by 18 digits). So, I wasn’t too…

I am pleased to write that Centrify announced today our Multi-Factor Authentication Everywhere initiative (aka “MFA Everywhere”) that is aimed at further securing enterprise identities against today’s most prevalent source of cyber attacks — compromised credentials. With this announcement, Centrify is now delivering one of the industry’s most easy-to-use adaptive MFA solutions that supports all types of enterprise users — including employees, contractors, outsourced IT, partners and customers — across a broad range of enterprise resources — including cloud and on-premises apps, VPNs, network devices, and cloud and on-premises servers. In this blog I will talk about why you need MFA and…

This is a very short blog. Short on text, that is. Long on value. If you’re in IT, especially in IT management, please click on the following link to see the many ways — some unique to Centrify — that our new Server Suite 2016 and Privilege Service 15.12 protect your most sensitive data from being stolen. Rather than toss out a load of features and leave you struggling to figure out how to thread them together in a meaningful way that addresses your specific business needs, we’ve weaved them into a story. Stories are great! It’s fictional, but oh so apt given all the…

Let’s continue our purely fictional story from last time, where we stepped into the shoes of our IT consultant, Tony. You may recall he works for ACME Consulting who provides outsourced IT services to Banzai. In a nutshell, we showed how easy it can be for Banzai to improve security, reduce risk, increase visibility, and provide secure access from anywhere, leveraging Centrify’s Privilege Service and Server Suite. Let’s peek inside Banzai’s IT world for an update from the IT Director, Tom: Well, the results came in and it’s safe to say (no pun intended) that our expectations were fully met with the…

Over the past two years I have had countless conversations with customers and prospective customers who have asked: “we love what you do for SSO and MFA for employees, and how you do privileged identity management for IT staff … can we extend those capabilities to our business partners and customers?” These customers have all had a common goal in mind — they want to use a single platform and tool to manage user access to resources regardless of who the user is or where the user identity comes from. Well, to all of those people who I have discussed…

Centrify CEO Tom Kemp, an industry expert in security and infrastructure software, discusses market and technology issues around the disruption occurring in the Identity and Access Management market due to the cloud, mobile and consumerization of IT trends occurring in today's IT environment.